package org.xdi.oxd.server.op;

import com.google.common.base.Strings;
import com.google.inject.Injector;
import java.util.HashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.client.ClientUtils;
import org.xdi.oxauth.client.TokenClient;
import org.xdi.oxauth.client.TokenRequest;
import org.xdi.oxauth.client.TokenResponse;
import org.xdi.oxauth.model.common.AuthenticationMethod;
import org.xdi.oxauth.model.common.GrantType;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.util.Util;
import org.xdi.oxd.common.Command;
import org.xdi.oxd.common.CommandResponse;
import org.xdi.oxd.common.ErrorResponseCode;
import org.xdi.oxd.common.ErrorResponseException;
import org.xdi.oxd.common.params.GetTokensByCodeParams;
import org.xdi.oxd.common.response.GetTokensByCodeResponse;
import org.xdi.oxd.server.service.SiteConfiguration;

/* loaded from: input_file:org/xdi/oxd/server/op/GetTokensByCodeOperation.class */
public class GetTokensByCodeOperation extends BaseOperation<GetTokensByCodeParams> {
    private static final Logger LOG = LoggerFactory.getLogger(GetTokensByCodeOperation.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public GetTokensByCodeOperation(Command command, Injector injector) {
        super(command, injector, GetTokensByCodeParams.class);
    }

    @Override // org.xdi.oxd.server.op.IOperation
    public CommandResponse execute(GetTokensByCodeParams getTokensByCodeParams) throws Exception {
        validate(getTokensByCodeParams);
        SiteConfiguration site = getSite();
        TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
        tokenRequest.setCode(getTokensByCodeParams.getCode());
        tokenRequest.setRedirectUri(site.getAuthorizationRedirectUri());
        tokenRequest.setAuthUsername(site.getClientId());
        tokenRequest.setAuthPassword(site.getClientSecret());
        tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
        TokenClient tokenClient = new TokenClient(getDiscoveryService().getConnectDiscoveryResponse(site.getOpHost()).getTokenEndpoint());
        tokenClient.setExecutor(getHttpService().getClientExecutor());
        tokenClient.setRequest(tokenRequest);
        TokenResponse exec = tokenClient.exec();
        ClientUtils.showClient(tokenClient);
        if (exec.getStatus() != 200 && exec.getStatus() != 302) {
            LOG.error("Failed to get tokens because response code is: " + exec.getScope());
            return null;
        }
        if (!Util.allNotBlank(new String[]{exec.getAccessToken()})) {
            return null;
        }
        GetTokensByCodeResponse getTokensByCodeResponse = new GetTokensByCodeResponse();
        getTokensByCodeResponse.setAccessToken(exec.getAccessToken());
        getTokensByCodeResponse.setIdToken(exec.getIdToken());
        getTokensByCodeResponse.setRefreshToken(exec.getRefreshToken());
        getTokensByCodeResponse.setExpiresIn(exec.getExpiresIn().intValue());
        Jwt parse = Jwt.parse(exec.getIdToken());
        String claimAsString = parse.getClaims().getClaimAsString("nonce");
        if (!getStateService().isNonceValid(claimAsString)) {
            throw new ErrorResponseException(ErrorResponseCode.INVALID_NONCE);
        }
        if (!CheckIdTokenOperation.isValid(parse, getDiscoveryService().getConnectDiscoveryResponse(site.getOpHost()), claimAsString, site.getClientId())) {
            LOG.error("ID Token is not valid, token: " + exec.getIdToken());
            return null;
        }
        getTokensByCodeResponse.setIdTokenClaims(parse.getClaims() != null ? parse.getClaims().toMap() : new HashMap());
        site.setIdToken(exec.getIdToken());
        site.setAccessToken(exec.getAccessToken());
        getSiteService().update(site);
        getStateService().invalidateState(getTokensByCodeParams.getState());
        return okResponse(getTokensByCodeResponse);
    }

    private void validate(GetTokensByCodeParams getTokensByCodeParams) {
        if (Strings.isNullOrEmpty(getTokensByCodeParams.getCode())) {
            throw new ErrorResponseException(ErrorResponseCode.BAD_REQUEST_NO_CODE);
        }
        if (Strings.isNullOrEmpty(getTokensByCodeParams.getState())) {
            throw new ErrorResponseException(ErrorResponseCode.BAD_REQUEST_NO_STATE);
        }
        if (!getStateService().isStateValid(getTokensByCodeParams.getState())) {
            throw new ErrorResponseException(ErrorResponseCode.BAD_REQUEST_STATE_NOT_VALID);
        }
    }
}
